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(54) SECURITY STRENGTHENING SYSTEM 

(57)Abstract: 

PROBLEM TO BE SOLVED: To strengthen a security function even in 
the case of utilizing a non- safety communication path by excluding the 
danger of 'successful impersonating' due to an illegal user by completing 
user identification with the terminal position information of a terminal 
position detecting means and an area setting/ discriminating means or 
the like. 

SOLUTION: A terminal (A) 100 of a person to be verified is provided with 
a terminal position detecting means 120 for always detecting its present 
position by detecting a sensor terminal itself for detecting the direction, 
attitude and three-dimensional movement of the terminal together with 
a verifying means 110 and a transaction permission area setting means 
130 for making the terminal position and a transaction permission area 
correspondent on a stereoscopic map. Besides, a server (B) 200 of a 
verifying person is provided with a security function support means 220 
for preserving the password of every user and the data of the 
transaction permission area and referring to them at the time of 
verification together with a verifying means 210 and an area 
discriminating means 230 for discriminating the permission of 
transaction based on these data. 
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(54) [Title of the Invention] Security Reinforcing System 
(57) [Abstract] 

[Object] To provide a security reinforcing system which 
eliminates the possibility of impersonation performed by an 
unauthorized user and reinforces a security function even 
when a non- secure communication channel is used. 
[Solution] A security reinforcing system using an 
authentication method for authenticating the user of a 
terminal by means of digital information which is exchanged 
via a communication line, wherein a terminal A 100 comprises 
terminal location detecting means 120 for detecting the 
location of the terminal and permitted area setting means 130 
for setting a transaction permitted area; a server B 200 
comprises security function supporting means 220 for storing 
the registered areas of users which have been set by the 
permitted area setting means 130 and user transaction 
permitted area determining means 230 for determining whether 
the location of a terminal which has been detected by the 
terminal location detecting means 120 is within the 
registered area; and authentication of a user is complemented 
by the terminal location information. 
[Claims] 

[Claim 1] A security reinforcing system using an 
authentication method for authenticating the user of a 



terminal by means of digital information which is exchanged 
via a communication line, wherein 

the device of one to be authenticated comprises: 

terminal location detecting means for detecting 
the location of the terminal, and 

permitted area setting means for setting a 
transaction permitted area; 
the device of one who performs authentication 
comprises : 

registered area storing means for storing the 
registered areas of users which have been set by the 
permitted area setting means, and 

area determining means for determining whether 
the location of a terminal which has been detected by 
the terminal location detecting means falls within 
the registered area; and 
authentication of a user is complemented by the 
terminal location information. 

[Claim 2] A security reinforcing system as described in 
claim 1, wherein, as the digital information exchanged via a 
communication line, the terminal location information is 
encrypted and then transmitted to the device of the one who 
performs authentication, 

[Claim 3] A security reinforcing system as described in 
claim 1 or 2, wherein the terminal location detecting means 
has a motion sensor for detecting displacement of a terminal 
body. 
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[Claim 4] A security reinforcing system as described in 
claim 1 or 2, wherein the terminal location detecting means 
has location information acquiring means for acquiring 
location information by means of a mobile communication 
system. 

[Claim 5] A security reinforcing system as described in 
claim 1 or 2, wherein the terminal location detecting means 
comprises location information acquiring means for acquiring 
location information by means of a mobile communication 
system, and a motion sensor for detecting displacement of a 
terminal body and detects the location of a terminal based on 
location information acquired by the location information 
acquiring means and displacement data obtained by the motion 
sensor. 

[Claim 6] A security reinforcing system as described in 
claim 1 or 2, wherein the terminal location detecting means 
has location detecting means for detecting location 
information by means of an external signal. 

[Claim 7] A security reinforcing system as described in any 
one of claims 1, 2, and 6, further comprising correction 
means for correcting terminal location information obtained 
by the terminal location detecting means. 

[Claim 8] A security reinforcing system as described in 
claim 1 or 2, wherein the terminal location detecting means 
comprises location detecting means for detecting location 
information by means of an external signal, means for 
detecting displacements by means of a motion sensor, and 
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evaluation means for evaluating the receiving condition of an 
external signal and corrects the terminal location 
information by use of displacement data obtained by the 
displacement detecting means based on evaluation made by the 
evaluating means . 

[Claim 9] A security reinforcing system as described in any 
one of claims 6, 7, and 8, wherein the external signal is a 
GPS radio signal. 

[Claim 10] A security reinforcing system as described in 
claim 1 or 2, wherein the security reinforcing system limits 
a communication channel used for registering areas in the 
registered area storing means. 

[Claim 11] A security reinforcing system as described in 
claim 1 or 2, wherein the device of one who performs 
authentication has means for registering the number of times 
one to be authenticated is allowed to retry a request for 
authentication and performs a transaction prohibiting process 
when the number of times the area determining means 
determines that location information attached to digital 
information exchanged on request for authentication fails to 
match area information registered in advance exceeds the 
number of allowable retries. 

[Claim 12] A security reinforcing system as described in 
claim 1 or 2, wherein the terminal of one to be authenticated 
is a car-mounted terminal which acquires terminal location 
information through a car-mounted navigation system. 
[Claim 13] A security reinforcing system as described in 
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claim 1 or 2, wherein the terminal of one to be authenticated 
or one who performs authentication comprises detected 
location correcting means for correcting a location detected 
by the terminal location detecting means, and limiting means 
for limiting at least one of the setting of the detected 
terminal location correcting means, the setting of the 
permitted area setting means, and a location of the terminal 
in which the permitted area setting means is allowed to 
display data. 

[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] 

The present invention relates to a security reinforcing 
system for network security, and more particularly to a 
security reinforcing system for authenticating the user of a 
mobile terminal . 
[0002] 
[Prior Art] 

In recent years, electronic commerce via a network has 
become a reality. When a fixed, closed public circuit is 
used, the security of a transaction is protected by means of 
a user ID and a password, or an account number and a personal 
identification number. However, particularly when an open 
network such as the Internet is used, the security of 
information and authentication of a user are becoming big 
concerns . 
[0003] 
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Further, when a business transaction conducted via a 
network can be performed anywhere by means of a mobile 
terminal or the like, preventing an unauthorized user from 
breaking into a place where a terminal is installed can no 
longer be said to guarantee security of the transaction, and 
authentication of a user is an essential technique for 
realizing secure on-line commerce. 
[0004] 

A representative example of an authentication method is 
a method using an RSA encryption system. An example of the 
method is described in "Information Security Technique and 
Service in Network," Television Institute Journal Vol. 49, No. 
12, pp. 1,567 to 1,571 (1995). 
[0005] 

In the above literature, a brief description of the RSA 
encryption system and a description of an information 
protection system using the RSA encryption system are 
presented. 
[0006] 

Cryptographic algorithms are roughly classified into two 
systems; that is, common key encryption and public key 
encryption, and RSA is a representative example of public key 
encryption. In common key encryption, an encryption key and 
a decryption key are the same, and a sender and a receiver 
perform encryption and decryption quickly with the keys 
maintained secret between the sender and the receiver. 
Meanwhile, in public key encryption typified by the RSA, an 
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encryption key and a decryption key are different, anybody 
can encrypt a communication by means of the public encryption 
key of a receiver, and the communication is decrypted by 
means of a private key owned only by a legitimate receiver. 
The system has a characteristic such that when the order of 
encryption and decryption is reversed, only one who possesses 
a private key can perform private conversion (digital 
signature) and anybody who knows the public key of the owner 
of the private key can perform public conversion 
(verification of signature). 
[0007] 

This characteristic is used to perform authentication of 
a receiver and for verification that the communication has 
been conducted safely and securely. 
[0008] 

"RSA" of the RSA public encryption system is formed by 
the first letters of the names of three developers in MIT; 
i.e., Rivest, Shamir, and Adleman. The algorithm of the RSA 
encryption system is shown in Fig. 11. 
[0009] 

In the system, two types of encryption keys are prepared. 
One of the keys is called a private key and maintained only 
by its owner. The other key is called a public key and is 
passed to one with whom the owner intends to communicate. 
[0010] 

In Fig. 11, d represents a private key, and (e, n) 
represent public keys. Text encrypted by means of the 
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private key can be decrypted only by means of the 
corresponding public keys, whereas text encrypted by means of 
the public keys can be decrypted only by means of the 
corresponding private key. In functions of encryption and 
decryption, "a mod n" represents the remainder when a is 
divided by n. 
[0011] 

The RSA encryption system will be specifically described 
with reference to an exemplary case where a user A transmits 
a message to a user B. 
[0012] 

It is assumed that A has the public key of B and B has 
the public key of A. A first method is a method in which A 
performs encryption by use of the public key of B, and a 
second method is a method in which A performs encryption by 
use of his own private key. 
[0013] 

In the first method, since a message transmitted by A 
can be decrypted only by means of the private key of B, the 
confidentiality of the information can be protected from a 
third person. Meanwhile, in the second method, since a 
message transmitted from A to B can be prepared only by means 
of the private key of A, it is guaranteed that the 
transmitter is A, and it can be assumed that the content of 
the message has not been tampered with. 
[0014] 

Since authentication of the user A can be performed by 
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the second method, it can be used as digital signature. 
Further, since the message transmitted from A to B can be 
decrypted by means of the public key of A, the second method 
can also protect data in combination with the first method. 
[0015] 

The security of the system consists depends on 
difficulty in performing large-scale factorization into prime 
factors when n is large, and since a decryption method other 
than a method comprising trying all possible keys has not yet 
been found, the system is considered one of the most reliable 
public key encryption systems. 
[0016] 

[Problems to be solved by the Invention] 

However, the system is not completely free from the 
possibility that a third person finds an algorithm for 
creating a private key from a public key or obtains the 
private key. The shorter a private key is, the easier it is 
to break the private key. This is particularly problematic 
when the system is used via a non-secure communication 
channel. Further, even if the possibility is theoretically 
decreased, the possibility that a third person who has 
acquired a user card or terminal incorporating a private key 
makes unauthorized use of the user card or terminal by 
impersonating the rightful owner of the card or terminal 
cannot be prevented. 
[0017] 

Particularly, when a private key has portability as in 
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the case of a user card or portable terminal, the possibility 
that a user card or portable terminal falling into the hands 
of a hostile third person still remains even if the 
possibility that the information is stolen via a network is 
eliminated. 
[0018] 

An object of the present invention is to provide a 
security reinforcing system which eliminates the possibility 
of impersonation performed by an unauthorized user and 
reinforces a security function even when a non- secure 
communication channel is used. 
[0019] 

[Means for Solving the Problems] 

The security reinforcing system according to the present 
invention is a security reinforcing system using an 
authentication method for authenticating the user of a 
terminal by means of digital information which is exchanged 
via a communication line, wherein the device of one to be 
authenticated comprises terminal location detecting means for 
detecting the location of the terminal and permitted area 
setting means for setting a transaction permitted area; the 
device of one who performs authentication comprises 
registered area storing means for storing the registered 
areas of users which have been set by the permitted area 
setting means and area determining means for determining 
whether the location of a terminal which has been detected by 
the terminal location detecting means falls within the 
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registered area; and authentication of a user is complemented 

by the terminal location information. 

[0020] 

Further, as the digital information exchanged via a 
communication line, the terminal location information may be 
encrypted and then transmitted to the device of the one who 
performs authentication. The terminal location detecting 
means may have a motion sensor for detecting displacement of 
a terminal body. 
[0021] 

Further, the terminal location detecting means may have 
location information acquiring means for acquiring location 
information by means of a mobile communication system. The 
terminal location detecting means may comprise location 
information acquiring means for acquiring location 
information by means of a mobile communication system, and a 
motion sensor for detecting displacement of a terminal body 
and may detect the location of a terminal based on location 
information acquired by the location information acquiring 
means and displacement data obtained by the motion sensor. 
[0022] 

Further, the terminal location detecting means may have 
location detecting means for detecting location information 
by means of an external signal. The system may also have 
correction means for correcting terminal location information 
obtained by the terminal location detecting means. 
[0023] 
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Further, the terminal location detecting means may 
comprise location detecting means for detecting location 
information by means of an external signal, means for 
detecting displacements by means of a motion sensor, and 
evaluation means for evaluating the receiving condition of an 
external signal and may correct the terminal location 
information by use of displacement data obtained by the 
displacement detecting means based on evaluation made by the 
evaluating means. The external signal may be a GPS radio 
signal. 
[0024] 

Further, the above security reinforcing system may limit 
a communication channel used for registering areas in the 
registered area storing means. 
[0025] 

Further, the device of one who performs authentication 
may have means for registering the number of times one to be 
authenticated is allowed to retry a request for 
authentication and perform a transaction prohibiting process 
when the number of times the area determining means 
determines that location information attached to digital 
information exchanged on request for authentication fails to 
match area information registered in advance exceeds the 
number of allowable retries. 
[0026] 

Further, the terminal of one to be authenticated may be 
a car-mounted terminal which acquires terminal location 
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information through a car-mounted navigation system. 
[0027] 

Further, the terminal of one to be authenticated or one 
who performs authentication may comprise detected location 
correcting means for correcting a location detected by the 
terminal location detecting means, and limiting means for 
limiting at least one of the setting of the detected terminal 
location correcting means, the setting of the permitted area 
setting means, and a location of the terminal in which the 
permitted area setting means is allowed to display data. 
[0028] 

[Embodiments of the Invention] 

A security reinforcing system according to the present 
invention can be applied to a security reinforcing system 
that can be used for reinforcing the function of 
authenticating a user of electronic commerce using an open 
network such as the Internet. 

[0029] 

Fig. 1 is a block diagram showing the configuration of 
the security reinforcing system according to a first 
embodiment of the present invention. 
[0030] 

In Fig. 1, A represents a portable terminal 100 of one 
to be authenticated (device of one to be authenticated), and 
B represents a server 200 (device of one who performs 
authentication) which authenticates the user of A and other 
users and provides business transaction service. 
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[0031] 

First, the terminal A 100 and the server B 200 have RSA 
encryption system authentication means 110 and 210, 
respectively, which are of the aforementioned prior art. 
[0032] 

Further, the terminal A 100 comprises terminal location 
detecting means 120 for detecting the current location of the 
terminal constantly by detecting the location of a sensor 
terminal which detects the direction, position, and three- 
dimensional motion of the terminal, and transaction permitted 
area setting means 130 which includes a graphic user 
interface function which makes it possible to associate a 
location of the terminal and a transaction permitted area 
with a three-dimensional map. 
[0033] 

The three-dimensional map as used herein refers to a map 
which enables recognition of the planer lay-out of each 
building as well as floor levels thereof. 
[0034] 

Meanwhile, the server B 200 comprises security function 
supporting means (registered area storing means) 220 for 
securely storing data on the password and transaction 
permitted area of each user and referring to the data at the 
time of authentication, and user transaction permitted area 
determining means (area determining means) 230 for 
determining, on the basis of the data, whether a transaction 
is to be permitted. 
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[0035] 

The terminal A 100 and the server B 200 communicate with 
each other via a network. More specifically, they can 
communicate with each other by means of a secure 
communication channel 300 whose security is guaranteed with 
respect to a special location. As for other places, the 
terminal A 100 and the server B 200 use a non-secure 
communication channel 310 for the sake of convenience. 
[0036] 

The secure communication channel 300 as used herein 
refers to a line which is generally immune to phone tapping 
and through which an unauthorized third person cannot carry 
out communication by use of the same address or telephone 
number without permission, or a line which is open but whose 
security is guaranteed to be of the same level as described 
above by employment of a security technique such as 
cryptography. Meanwhile, the non-secure communication 
channel 310 is a line through which it is technically 
possible for a third person having special knowledge and 
equipment to steal communication data. 
[0037] 

Although Fig. 1 shows only one to be authenticated a 10 
as a user, in the general case a plurality of similar users 
and a plurality of terminals exist, and the one to be 
authenticated a 10 represents one of the terminals. In 
addition, it is also possible that a plurality of users 
physically share the same terminal with which each of the 
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users can be authenticated separately. Depending on the 
constitution of the users, it may also be possible to use 
different cryptographic keys. 
[0038] 

In this case, although the configuration of Fig. 1 shows 
cryptographic keys incorporated into the terminal, the keys 
can be incorporated into an IC card or user card which can be 
detached from a terminal. 
[0039] 

Next, the operation of a security reinforcing system 
having the above configuration will be described. 
[0040] 

Fig. 2 is a flowchart for illustrating the operation of 
a security reinforcing system having the configuration of Fig. 
1. The operation will be described following the steps 
constituting the operation. 
[0041] 

<STEP 1> In Fig. 1, the one to be authenticated a 10 who 
is the user of the terminal A 100 effects the initial setting 
of the terminal location detecting means 120 of the terminal 
A 100. In the initial setting, the current location and 
direction of the terminal are adjusted to the coordinates and 
direction of a special location on a map of the system. The 
one to be authenticated a 10 is permitted to make the initial 
setting of the terminal location detecting means 120 of the 
terminal A 100 only when the one to be authenticated a 10 is 
authenticated in the special location by the server B 200 via 
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the secure communication channel 300. Thereby, there can be 
eliminated the possibility of a third person making improper 
setting for the purpose of conducting illegitimate 
transactions. It is assumed that the secure communication 
channel 300 is available between the server B 200 and such a 
special location. 
[0042] 

<STEP 2> By use of the graphic user interface of the 
transaction permitted area setting means 130 of the terminal 
A 100, the one to be authenticated a 10 who is the user of 
the terminal A 100 registers in the security function 
supporting means 220 of the server B 200 an area in which a 
business transaction with the terminal A 100 is permitted. 
In general, the registration process is conducted in a 
special location. It is assumed that the secure 
communication channel 300 is also available between the 
server B 200 and the special location. 
[0043] 

<STEP 3> A case where the terminal A 100 is brought in 
areas other than the special location set in advance in the 
<STEP 2> will be described as an example hereinafter. To 
conduct a transaction by means of not the secure 
communication channel 300 but the non- secure communication 
channel 310, the terminal A 100 firstly starts to communicate 
with the server B 200 . 
[0044] 

<STEP 4> The one to be authenticated a 10 transmits 
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his/her own user ID code by use of the public key of the 

server B 200. 

[0045] 

<STEP 5> The server B 200 identifies the transmitted 
user ID code by use of the private key of the server B 200. 
Although the user who has transmitted the user ID code cannot 
be authenticated at this point, there is no possibility of 
the user ID code having been stolen by a third person, since 
nobody but the server knows the private key of the server B 
200. 
[0046] 

The server B 200 inquires the identified user about 
his/her password and the type of transaction. 
[0047] 

<STEP 6> The one to be authenticated a 10 transmits 
his/her own password and transaction data after encrypting 
the password and data by use of a private key (in this case, 
the private key of the terminal A 100). At this point, the 
location information of the terminal A 100 is attached 
automatically and encrypted and transmitted together with the 
password and transaction data. 
[0048] 

In addition to encryption performed by use of the 
private key of the server B 200, further encryption is 
performed by use of the public key of the server B 200. This 
eliminates the possibility that the password, transaction 
data, and location information are stolen by a third person 
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who has acquired the public key of the one to be 

authenticated a 10. 

[0049] 

<STEP 7> The server B 200 authenticates the one to be 
authenticated a 10 and confirms that the transaction data 
have not been subjected to tampering, by decrypting the 
password, transaction data, and location information by use 
of the public key of the user identified in the above <STEP 
5> (that is, the public key of the terminal A 100). In 
addition, the server B 200 also checks that the location 
information attached automatically by the location 
information detecting means 120 is included in the 
transaction permitted area registered in advance so as to 
determine that the one to be authenticated a 10 is a valid 
transactor, thereby improving the reliability of 
authentication of a transactor. 
[0050] 

<STEP 8> When the result of the authentication is valid, 
the server B 200 accepts and processes the transaction. 
[0051] 

<STEP 9> When the result of the authentication is 
invalid, the server performs, as an unauthorized use process, 
a transaction prohibiting processing for preventing possible 
unauthorized use of the terminal by an unauthorized person 
when authentication is retried in excess of the number of 
allowable retries set in advance. 
[0052] 
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To cancel the prohibition of transactions, a method may 
be used in which the terminal A 100 can be freed from the 
prohibition of transactions only in the special location via 
the secure communication channel 300. In this method, when 
an authorized user is determined to be an unauthorized user 
by a misoperation or the like, the authorized user is unable 
to conduct a transaction until the prohibition on 
transactions is cleared in the special location. This 
measure is highly effective for improving security. 
[0053] 

Unless the result of the authentication is invalid, a 
transaction terminated once can be resumed, following the 
flow from <STEP 3> inclusive. 
[0054] 

As described above, the security reinforcing system 
according to the first embodiment employs an authentication 
method for authenticating the user of a terminal by means of 
digital information which is exchanged via a communication 
line. In the system, the terminal A 100 comprises the 
terminal location detecting means 120 for detecting the 
location of the terminal and the permitted area setting means 
130 for setting a transaction permitted area; the server B 
200 comprises the security function supporting means 220 for 
storing the registered areas of users which have been set by 
the permitted area setting means 130 and the user transaction 
permitted area determining means 230 for determining whether 
the location of a terminal which has been detected by the 
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terminal location detecting means 120 falls within the 
registered area; and authentication of a user is complemented 
by the terminal location information. The terminal A 100 
incorporates the terminal location detecting means 120 so 
that location data on its current location can be used within 
the terminal. The location information is attached to 
authentication and transaction data upon transmission of the 
authentication and transaction data for conducting a 
transaction, and transmitted to the server B 200. Since only 
the server B 200 knows a preset transaction permitted area, 
the server B 200 can determine, on the basis of the location 
information of the transaction terminal, whether the user of 
the terminal is qualified to conduct a transaction. Thus, 
the system can reinforce the reliability of user 
authentication with a portable terminal. 
[0055] 

In this method, a security function is realized by a 
cryptographic key technique in a transaction using the non- 
secure communication channel 310. Further, even when a 
terminal incorporating cryptographic keys, a user ID, and a 
password or a pair consisting of a terminal and a user card 
incorporating cryptographic keys, a user ID, and a password 
falls into the hands of an unauthorized user, an illegitimate 
transaction can be prevented by virtue of the effect of the 
authentication function using the terminal location 
information. 
[0056] 
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The above location detection includes location detection 
in a vertical direction. Thus, which floor of a building on 
which a terminal is to be used can also be set as a 
transaction permitted area setting. Therefore, even if an 
unauthorized user attempts to make unauthorized use of the 
terminal in the same building, he fails to do so if he makes 
the attempt on a floor different from the one on which the 
terminal is allowed to be used, and the probability that the 
unauthorized user happens to make an unauthorized use of the 
terminal in the permitted area becomes very small. 
[0057] 

In addition, the server B 200 can be set to perform a 
transaction prohibition process automatically when an 
unauthorized user has made a retry in excess of the number of 
allowable retries set in advance by an authorized user. 
Therefore, the security reinforcing system exhibits the 
excellent effect that it can reduce the possibility of 
unauthorized use of a terminal A 100 when the user of the 
terminal A 100 is unaware that the terminal has fallen into 
the hands of an unauthorized user and therefore does not go 
through a procedure for prohibiting use of the terminal A 100. 
[0058] 

Fig. 3 is a diagram showing the configuration of a 
security reinforcing system according to a second embodiment 
of the present invention. 
[0059] 

The second embodiment is an embodiment using an 
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acceleration sensor (motion sensor) as terminal location 
detecting means, and the system which reinforces the security 
of a transaction by use of detected location information is 
the same as that of the first embodiment. 
[0060] 

In Fig. 3, within a portable communication terminal body 
400, a six-axis motion sensor 410 and terminal location 
detecting means 120 into which are input the sensor outputs 
of the six-axis motion sensor 410 are provided. 
[0061] 

The above six-axis motion sensor 410 is an acceleration 
sensor which detects acceleration components in the 
directions of three axes intersecting at right angles. 
Integration of acceleration with respect to time yields a 
velocity component, and integration of velocity with respect 
to time yields a displacement. Therefore, if acceleration is 
detected with high accuracy and a wide dynamic range, the 
acceleration signal can be digitized and calculated to 
produce a three-dimensional displacement vector. 
[0062] 

Meanwhile, since a user does not carry a terminal with 
its orientation maintained constant at all times, its 
displacement vector must be corrected from moment to moment 
according to the orientation and rotation of the terminal, 
and the rotation about each axis of the above six-axis motion 
sensor is detected for use as correction information. The 
detected rotation information is provided to the 3 -axis 
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rotation information inputting means 122 of the terminal 
location detecting means 120, which is shown in Fig. 4 and 
will be described later. 
[00631 

Fig. 4 is a block diagram showing the configuration of 
the above terminal location detecting means 120. 
[0064] 

In Fig. 4, the terminal location detecting means 120 
comprises displacement data inputting means 121 , displacement 
vector calculating means 123, initial value/correction value 
inputting means 124, memory means 125, current location 
coordinates calculating means 126, and terminal current 
location three-dimensional coordinates outputting means 127. 
[0065] 

In the terminal location detecting means 120 shown in 
Fig. 4, the displacement vector calculating means 123 
calculates a displacement vector which can be associated with 
a three-dimensional map provided in the system while 
compensating the position and direction of a terminal on the 
basis of information from the displacement data inputting 
means 121 and information from the 3 -axis rotation 
information inputting means 122 and outputs the calculated 
displacement vector to the current location coordinates 
calculating means 126. 
[0066] 

The current location coordinates calculating means 126 
adds the calculated displacement vector to the immediately 
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preceding coordinates stored in the memory means 125 as a 
vector including the direction of displacement and 
accumulates the coordinates to thereby calculate the 
coordinates of the current location of the terminal on the 
three-dimensional coordinates on the above map. 
[0067] 

The thus obtained coordinates data are output to the 
terminal current location three-dimensional coordinates 
outputting means 127 as digital data. A circuit to output 
the digital data is concealed structurally in the portable 
terminal, has such a structure that it cannot be readily 
measured by means of electrical signals and is a system which 
prohibits data from being read by means of software. 
Alternatively, it is also possible to realize a system which 
destroys a function used for being authenticated and a 
transaction related function when detecting unauthorized data 
modification and can recover the functions only in the 
special location described in the first embodiment. 
[0068] 

The thus obtained terminal location information is 
encrypted and transmitted automatically, without a user being 
aware of it, when the terminal exchanges digital information 
with the server in an authentication process and can be used 
by the device which performs authentication as new 
information which can improve the reliability of 
authentication as described in the first embodiment. 
[0069] 
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As described above, in the security reinforcing system 
according to the second embodiment, the portable 
communication terminal body 400 incorporates the six-axis 
motion sensor 410 which detects displacements of the terminal 
body. The six-axis motion sensor 410 incorporated into the 
terminal provides location coordinates of the terminal which 
correspond to the coordinate system on a three-dimensional 
map provided in the system. The detected location 
information is automatically used in an authentication 
process. Thus, the security reinforcing system can improve 
the reliability of authentication without increasing burdens 
involved in the operation by a user and the like. 
[0070] 

Fig . 5 is a diagram showing the configuration of a 
security reinforcing system according to a third embodiment 
of the present invention. 
[0071] 

The third embodiment is an embodiment using cell 
location information of service zones of a radio telephone as 
terminal location detecting means, and a method of 
reinforcing the security of a transaction by use of location 
information is the same as the first embodiment. 
[0072] 

Although the present embodiment will be described with 
reference to one automobile telephone system as an example, 
the basic concept of the present embodiment is the same in 
other mobile body radio systems. 
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[0073] 

Firstly, location detection using system information in 
a mobile radio system will be described. 
[0074] 

In general, in a mobile communication system, when 
mobile units are called, an area in which mobile units are 
located must be determined in order for the mobile units to 
receive a call, and therefore the current locations of the 
mobile units must be detected and registered constantly. 
Further, radio zones in which the mobile units are present 
are detected when the mobile units originate a call. 
Consequently, more accurate location information can be 
obtained. 
[0075] 

Fig. 5 is a conceptual diagram for illustrating location 
detection using cell location information of service zones of 
an automobile telephone. 
[0076] 

In Fig. 5, P represents a reception control channel, and 
A represents a transmission control channel. Further, <sl>, 
<s2>, . . . <sN> in Fig. 5 correspond to the operations of 
<STEP 1>, <STEP 2>, ... <STEP N> to be described below, 
respectively . 
[0077] 

In an automobile telephone exchange, M represents a 
subscriber memory, PU represents a central processing unit, 
and C represents a channel device. A home memory station is 
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also an automobile telephone exchange, 
[0078] 

Next, operations in location detection and location 
registration will be described. 
[0079] 

<STEP 1> A mobile unit can know in which control zone it 
is present by means of a reception control channel. The 
location of a mobile unit is registered by the control zone. 
For example, when a mobile body moves from a control zone A 
to a control zone B, the mobile body can know the switch of 
the control zones because area identification codes provided 
via the reception control channels of the control zone A and 
the control zone B are different. 
[0080] 

<STEP 2> The mobile unit receives transmission control 
channel information provided via the reception control 
channel of the control zone B and transmits a location 
registration signal via the transmission control channel. 
The location registration signal comprises two frames having 
the same content . 
[0081] 

<STEP 3> The above location registration signal is 
passed to a radio line control station via a radio base 
station. At the radio line control station, each bit of the 
location registration signal comprising two frames is 
verified so as to check the reliability of the location 
registration signal. 



28 



[0082] 

<STEP 4> After the verification, the radio line control 
station transmits the location registration signal to a 
corresponding automobile telephone exchange. 
[0083] 

<STEP 5> The automobile telephone exchange not only 
transmits a location registration confirmation signal to the 
radio line control station but also determines a home memory 
station of an automobile telephone exchange to which the 
mobile unit belongs, based on the number of the mobile unit 
which has transmitted the location registration signal, and 
transfers the location registration signal to the home memory 
station. 
[0084] 

<STEP 6> The home memory station rewrites the location 
information stored in the memory of the subscriber of the 
mobile unit. In the above <STEP 5>, when the automobile 
telephone exchange which transmits the location registration 
confirmation signal to the radio line control station is the 
automobile telephone exchange to which the mobile unit 
belongs, the home memory station of the automobile telephone 
exchange rewrites the location information stored in the 
memory of the subscriber of the mobile unit. 
[0085] 

<STEP 7> After receiving the above location registration 
confirmation signal from the automobile telephone exchange, 
the radio line control station transmits a location 
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registration acceptance signal from the radio base station to 
the mobile unit via the transmission control channel to 
thereby notify the mobile unit that the location registration 
has been accepted. 
[0086] 

<STEP 8> At this point, the mobile body rewrites the 
area identification code in the memory for the first time and 
assumes a standby status with the reception control channel 
of the new control zone, 
[0087] 

As can be understood from the above description, a 
mobile unit can first provide location information indicating 
in which control zone the mobile unit assumes a standby 
status with the transmission control channel of the control 
zone. In addition, the current location of a mobile unit on 
the move can be limited to a narrower area at the time of 
making a telephone call or during a telephone conversation. 
[0088] 

Next, detection of the current location information of a 
mobile unit during a telephone conversation will be described. 
[0089] 

Fig. 6 is a diagram for illustrating mid-call channel 
switching control of an automobile telephone. 
[0090] 

The mid-call channel switching refers to switching to a 
channel used in a newly entered zone when an automobile 
having a mobile unit moves from one radio zone to another 
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radio zone during a telephone conversation so as to continue 
the telephone conversation. To be more specific, there is no 
distinct boundary between radio zones. The intensity of 
radio waves in a radio zone gradually decreases, while 
fluctuating, toward the boundary of the zone, and the radio 
waves from the base stations of adjacent areas are 
superimposed on each other near the boundary between the 
areas while fluctuating. Under such a fluctuation 
characteristic, the system operates such that it selects a 
zone with the highest reception level from a plurality of 
zones and connects the mobile unit to its base station. 
[0091] 

In Fig. 6, a mobile unit is a communication device which 
is mountable on an automobile and is a transaction terminal 
which can be detached from the automobile and brought in the 
special location as described in the first embodiment . An 
automobile having the mobile unit mounted thereon moves over 
a plurality of radio zones, i.e., a radio zone A, a radio 
zone B, and a radio zone C. A radio base station is provided 
for each of the radio zones , and the radio base stations , a 
radio line control station, an automobile telephone exchange, 
and a fixed network are connected via a channel. 
[0092] 

Next, the operation of the mid-call channel switching 
control will be described in terms of steps. 
[0093] 

<STEP 11 > A mobile unit which is in the middle of having 
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a telephone conversation in the radio zone A moves into the 

radio zone B. 

[0094] 

<STEP 12> A base station communication channel receiver 
which constantly monitors the reception level of the 
communication channel from the mobile unit becomes aware of 
the movement by sensing that the reception level has become 
lower than or equal to a predetermined value. 
[0095] 

<STEP 13> The radio base station notifies the radio line 
control station of the reduction in the level of the 
communication channel. 
[0096] 

<STEP 14 > The radio line control station directs the 
base stations of the radio zone A and its surrounding radio 
zones to monitor the reception level of the communication 
channel . 
[0097] 

Each of the base stations has, in addition to a control 
receiver and a communication receiver, an S/N monitoring 
receiver that monitors a reception level for switching 
communication channels. While the received frequencies of 
the aforementioned two types of receivers are fixed, the S/N 
monitoring receiver can be switched to any channel out of 
channels in an automobile telephone system; that is, even to 
the channel of an adjacent cell, by an externally provided 
direction. 
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[0098] 

<STEP 15> The base stations each switch the reception 
channel of the S/N monitoring receiver to the communication 
channel on the basis of the direction so as to measure the 
reception level of radio waves from the mobile unit and 
report the result to the radio line control station. 
[0099] 

<STEP 16 > The above radio line control station 
determines that a radio zone with the highest reception level 
is the radio zone into which the mobile station has moved. 
When the mobile unit has moved into another zone, the radio 
line control station requests the automobile telephone 
exchange to switch to the channel of the zone into which the 
mobile station has moved and transmits a mid-call channel 
switching signal so as to urge the mobile unit to switch to 
the new communication channel, via the communication channel 
of the base station A where the mobile unit has been 
originally present. 
[0100] 

<STEP 17 > The mobile unit switches to the new 
communication channel according to the direction. The radio 
base station of the radio zone B into which the mobile unit 
has moved checks the operation of the new communication 
channel to the mobile unit and switches to the new channel of 
the radio zone B. 
[0101] 

The locations of the base stations corresponding to the 
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radio zones or channels in the above operations determine a 
narrower location of the mobile unit, and the location of the 
mobile unit can be estimated by the location information of 
the radio base stations of the present system. 
[0102] 

In addition, although detailed descriptions have been 
omitted, even when the mobile unit is to originate a call, 
the radio line control station compares reception levels 
attached to call signals with each other, determines that a 
radio base station that has received the signal from the 
mobile station at the highest level is a radio zone in which 
the mobile unit is present, selects an unused channel out of 
communication channels of the radio zone, and directs the 
mobile unit to switch to the selected channel via the radio 
station. 
[0103] 

These location detecting methods rely not on a direction 
finding technique but on reception levels of radio waves . 
Therefore, although they cannot detect the actual location of 
a mobile unit accurately, they can still achieve location 
detection with satisfactory accuracy in a system using small 
cells or zones. 
[0104] 

Further, use of the thus obtained location information 
of the terminal, i.e., mobile unit, in place of the location 
detection by the motion sensor in the first and second 
embodiments can prevent unauthorized transactions in areas 
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other than the area registered in advance by an authorized 
user and, as in the case of the first and second embodiments, 
can achieve a more reinforced security function than can the 
conventional cryptographic technology alone. 
[0105] 

As described above, the security reinforcing system 
according to the third embodiment achieves detection of the 
location of a terminal by use of mobile unit location 
information intrinsic to a mobile radio communication system. 
Therefore, the security reinforcing system of the third 
embodiment has the excellent effect that it can achieve the 
same security reinforcing function as that of the first 
embodiment without newly incorporating another location 
detecting means to prevent unauthorized use of a terminal. 
[0106] 

Fig. 7 is a diagram for illustrating a security 
reinforcing system according to a fourth embodiment of the 
present invention . 
[0107] 

Whereas the second embodiment is an embodiment using an 
acceleration sensor as a motion sensor serving as terminal 
location detecting means and the third embodiment is an 
embodiment in which mobile unit location information is 
extracted from a mobile radio communication system and used, 
the fourth embodiment is a system which further reinforces 
the security of transactions by use of both location 
information detected by a motion sensor and mobile unit 
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location information of a mobile radio communication system. 
[0108] 

In the explanatory map-like drawing shown in Fig. 7 , 
circular zones 81 to 85 represent the radio zones which have 
been described in connection with the third embodiment and in 
which the location of a terminal can be detected on the basis 
of information from a mobile communication system. 
[0109] 

In Fig. 7, although 86 and 87 are drawn in the same 
plane, reference numeral 86 indicates a graphic user 
interface that can be displayed and operated only in a 
specific zone into which a mobile unit moves from a radio 
zone, and reference numeral 87 indicates a graphic user 
interface that can be displayed and operated only in the 
special location described in the first embodiment. 
[0110] 

For example, it is assumed that the shaded area 88 in 
the zone 85 in the graphic user interface 87 is a transaction 
permitted area. Although the surroundings of the zone 85 are 
not shown in Fig. 7, in reality, map data including the 
zone's surroundings are transmitted from a server and 
displayed on the user graphic interface. Thus, the target 
area can be found readily. 
[0111] 

The target area in which a transaction is permitted is 
set in the special location so as to register the target area 
in the server. Information about the registered area cannot 
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be seen in the user graphic interface 86 that can be 
displayed in the specific zone and merely a portion of the 
map is displayed. 
[0112] 

Next, the specific zone and detailed location correction 
will be described. 
[0113] 

The specific zone is a radio zone including the target 
area set in the special location. Since the location of a 
terminal in the zone cannot be known only by means of 
location information obtained from a mobile communication 
system, the location information detected by a motion 
detection sensor is used to detect the location of the 
terminal in the zone. 
[0114] 

When the location information detected by a motion 
detection sensor is determined to be unusable due to 
cumulative detection errors, detailed location correction is 
performed. 
[0115] 

The detailed location correction can be performed only 
in the above specific zone. The reasons for this are, for 
example, that the accuracy of location detection in the zone 
is already insured; this is advantageous in terms of accuracy 
since the target area is included in the zone; and the zone 
is a zone where an authorized user performs the detailed 
location correction. In addition, it may be the case that 
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the specific zone does not coincide with a zone where an 
unauthorized user attempts to perform the detailed location 
correction. Therefore, it is effective for reducing the 
possibility of unauthorized detailed location correction. 
[0116] 

The detailed location correction comprises activating 
the graphic user interface for the detailed location 
correction at a specific point in the target area within the 
specific zone as described above and that coincides to a 
specific point on the map which is known only to an 
authorized user with the current location of a terminal which 
is displayed on the basis of the location information 
detected by a motion detection sensor. 
[0117] 

Thus, terminal location detection accuracy sufficient to 
distinguish the target area within the specific zone from 
other areas is achieved, and the security reinforcement of 
transactions by use of detected terminal location information 
as described in the first embodiment can be achieved. 
[0118] 

As described above, the security reinforcing system 
according to the fourth embodiment has both location 
information acquiring means of a mobile communication system 
and a motion sensor of a terminal serving as terminal 
location detecting means. Therefore, even when a moving 
range is so big that accurate location information cannot be 
obtained by the motion sensor alone due to cumulative 
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detection errors, the approximate location of the terminal 
can be obtained in a size of a radio zone or cell from the 
location information obtained from the mobile radio 
communication system, and more accurate location of the 
terminal is then detected by use of the motion sensor. 
Consequently, even when, for example, the user of the 
terminal travels across Japan while carrying the terminal, 
the performance of the security reinforcing function does not 
deteriorate. 
[0119] 

Meanwhile, accuracy required for location detection by 
means of the motion sensor is such that a relatively narrow 
radio zone range can be limited as a moving range and a 
reduction in the costs of the location detecting means and 
simplification of the detection method by use of the motion 
sensor can be achieved. 
[0120] 

In addition, although in the present embodiment the 
approximate location of a terminal is obtained from location 
information from a mobile radio communication system, a line 
of the mobile radio communication system does not necessarily 
have to be used in actual transactions. For example, when 
wireless or wired LAN access considered less secure is 
available, reinforcement of the security function of 
transactions by use of location information is achieved even 
in the case of LAN access. 
[0121] 
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Information about the target area which has been set in 
the special location and in which a transaction is permitted 
is concealed from users at the time of implementation of the 
detailed location correction in the specific zone. Therefore, 
the present embodiment has the excellent effect of preventing 
those who are not an authorized user from performing 
unauthorized detailed location correction. 
[0122] 

Fig. 8 is a diagram showing the configuration of a 
security reinforcing system according to a fifth embodiment 
of the present invention. In the following description of 
the security reinforcing system according to the present 
embodiment, elements which are identical with those of the 
security reinforcing system shown in Fig. 1 are denoted by 
the same reference numerals, and repeated descriptions 
thereof are omitted. 
[0123] 

The fifth embodiment is an embodiment in which radio 
waves received by a mobile terminal having means for 
receiving external radio waves for a location detection 
system are used to detect the location of the terminal which 
is then used for security reinforcement, as in the first 
embodiment . 
[0124] 

In Fig. 8, A represents a portable terminal 500 of one 
to be authenticated, and B represents a server 200 which 
authenticates the user of the terminal A 500 and other users 
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and provides business transaction service. 
[0125] 

The terminal A 500 comprises RSA encryption system 
authentication means 110, terminal location detecting means 
510 , and transaction permitted area setting means 130. The 
terminal location detecting means 510 comprises a GPS 
receiver 511, reception determining means 512, and 
interpolation means 513. 
[0126 J 

The present embodiment is exactly the same as the first 
embodiment, except that the terminal location detecting means 

510 has the GPS (Global Positioning System) receiver 511 and 
detects the current location of a terminal on the basis of 
location information obtained from the GPS receiver 511. 
[0127] 

GPS, which calculates a position by means of radio waves 
from satellites, is widely used. An example of GPS used by a 
car-mounted GPS receiver to check the location and traveling 
direction of the automobile is disclosed in Japanese Patent 
Application Laid-Open No. 15573/1985. 
[0128] 

The present embodiment contemplates a mobile terminal 
which is mainly used outdoors, as in the case of the example 
of the car-mounted GPS receiver. Basically, the GPS receiver 

511 can receive a satellite navigation radio wave signal from 
a satellite at any time. However, even if there is a time 
interval during which the GPS receiver 511 cannot receive 
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radio waves, the GPS receiver 511 can estimate the moving 
speed of the terminal since it has the interpolation means 
513 and can estimate and use an estimation location or a 
range of the estimation location as terminal location 
information . 
[0129] 

Further, when an unauthorized user creates the situation 
in which radio waves cannot reach the GPS receiver 511 for an 
unauthorized purpose or poor reception of radio waves 
ascribable to a traveling environment continues, the 
reception determining means 512 determines this condition 
from the duration during which reception of radio waves is 
impossible and places the authentication means 110 under the 
control of transaction prohibition for the reason that 
accurate terminal location information is not available. 
[0130] 

When a transaction is attempted repeatedly with the 
authentication means 110 under the control of transaction 
prohibition, the authentication system B can perform a 
transaction prohibition process for eliminating a chance of 
an unauthorized use of a terminal when the number of times a 
transaction has been retried exceeds the preset number of 
allowable retries, as described in <STEP 9> of the first 
embodiment . 
[0131] 

As described above, since the security reinforcing 
system according to the fifth embodiment uses GPS for 
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detecting the location of a terminal as means for detecting a 
location by means of external signals, the security 
reinforcing system is free from the problem that errors in 
detecting the location coordinates of a terminal are 
accumulated, and correction of a detected location is not 
necessary. Consequently, a user is freed from the burden of 
effecting settings, and correction for an unauthorized 
purpose cannot be performed, thereby reinforcing security. 
[0132] 

As in the first embodiment, the thus obtained terminal 
location information is used as digital data to be exchanged 
in an authentication process to reinforce the security of 
user authentication. However, the provision of the reception 
determining means 512 can prohibit an unauthorized 
transaction even when an unauthorized user creates for an 
unauthorized purpose the situation in which the GPS receiver 
511 cannot be operated, and the authentication system can 
also prohibit a transaction when the unauthorized transaction 
is attempted repeatedly. Therefore, the security reinforcing 
system according to the fifth embodiment has the excellent 
effect of increasing the possibility of preventing an 
unauthorized transaction when a mobile terminal falls into 
the hands of an unauthorized user. 
[0133] 

Fig. 9 is a diagram showing the configuration of a 
security reinforcing system according to a sixth embodiment 
of the present invention. In the following description of 
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the security reinforcing system according to the present 
embodiment, elements which are identical with those of the 
security reinforcing system shown in Fig. 8 are denoted by 
the same reference numerals, and repeated descriptions 
thereof are omitted. 
[0134] 

The configuration of the sixth embodiment is the same as 
that of the fifth embodiment, except that, in combination 
with the method using a motion sensor, a displacement amount 
of the GPS receiver in an inoperable state is calculated from 
a displacement vector detected by the motion sensor to 
thereby improve the accuracy of the interpolation process by 
the interpolation means. The sixth embodiment is an 
embodiment which makes it possible to detect the accurate 
location of a terminal so as to enable a user to perform a 
transaction even when the user carrying the terminal is 
present in an area where satellite navigation radio waves 
cannot reach the terminal for a long period of time. 
[0135] 

In Fig. 9, A represents a portable terminal 600 of one 
to be authenticated, and B represents a server 200 which 
authenticates the user of the terminal A 600 and other users 
and provides business transaction service. 
[0136] 

The terminal A 600 comprises RSA encryption system 
authentication means 110, terminal location detecting means 
610, and transaction permitted area setting means 130. The 
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terminal location detecting means 610 comprises a GPS 
receiver 511, reception determining means 512, interpolation 
means 513, and a motion sensor 611. 
[0137] 

That is, the present embodiment is exactly the same as 
the first embodiment, except that the terminal location 
detecting means 610 of the terminal A 600 to be authenticated 
comprises the GPS receiver 511, the reception determining 
means 512, the interpolation means 513, and displacement 
detecting means 610 comprising the motion sensor 611. 
[0138] 

As in the case of the fifth embodiment, in the sixth 
embodiment a terminal to be authenticated also has the GPS 
receiver 511. Therefore, the absolute location of the 
terminal can be known by means of a satellite navigation 
radio wave signal as in the case of the fifth embodiment. 
[0139] 

In the fifth embodiment, when the reception of a 
satellite navigation radio wave signal is poor, the reception 
is determined by the reception determining means 512, and the 
location range of a terminal is estimated from an estimated 
traveling speed of the terminal by the interpolation means 
513. Thereby, the location of the terminal can be known by 
location estimation by interpolation, but only when the 
duration of the poor reception is short . 
[0140] 

Meanwhile, the sixth embodiment additionally has the 
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displacement detecting means comprising the motion sensor 611. 
Therefore, even when the reception of a satellite navigation 
radio wave signal is poor, displacements can be detected by 
the displacement detecting means comprising the motion sensor 
611. This location detection has already been described in 
the second embodiment by use of the example in which the six- 
axis motion sensor 410 comprising an acceleration sensor is 
used. 
[0141] 

Since the sixth embodiment has two location detecting 
means, it may assign higher priority to one of them over the 
other according to the accuracies and usable conditions of 
the detecting means. 
[0142] 

In a case where use of a mobile terminal under the 
circumstances where the terminal can receive a satellite 
navigation radio wave signal at any time is considered 
important, location information from the GPS receiver 511 is 
used as the location information of the terminal as in the 
case of the fifth embodiment. Every time poor reception of 
the signal occurs, a displacement during the poor reception 
period is detected. The displacement, in vector form, is 
added to the location immediately before the occurrence of 
the poor reception period to thereby calculate and use the 
coordinates of the current location of the terminal. Upon 
restoration of the reception of the signal, use of location 
information from the GPS receiver 511 is resumed. 
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[0143] 

In contrast, in a case where a terminal is generally 
used indoors but is sometimes used outdoors and carried 
around, when poor reception of the satellite navigation radio 
wave signal continues indoors , location information based on 
displacement detection by means of the motion sensor 611 is 
mainly used, as in the case of the second embodiment. 
[0144] 

In this case, location information from the GPS receiver 
511 can be provided to the initial value/correction value 
inputting means 124 of the terminal location detecting means 
120 of Fig. 4 which has been described in connection with the 
second embodiment, periodically or aggressively under the 
circumstances where the satellite navigation radio wave 
signal can be used to prevent accumulation of errors in 
detecting displacements by the motion sensor 611. Thus, a 
combination of displacement detection by the motion sensor 
611 and location information from the GPS receiver 511 
provides more reliable terminal location detection. 
Attachment of the location information to the digital data 
exchanged at the time of authentication as described in the 
first embodiment further improves the reliability of user 
authentication . 
[0145] 

As described above, the security reinforcing system 
according to the sixth embodiment uses the GPS for detecting 
the location of a terminal, thereby requiring no correction 
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of a detected location as in the case of the fifth embodiment . 
Further, use of the motion sensor 611 makes it possible to 
detect the location of a terminal which is present in an area 
where satellite navigation radio waves do not reach the 
terminal over a long time period. Thereby, a terminal can be 
used almost anywhere, and accurate location information can 
be obtained to thereby improve the reliability of transactor 
authentication. 
[0146] 

When a location detected by the GPS is used as main 
location information and a location detected by the motion 
sensor 611 is used as supplemental location information, 
accuracy of location detection should be sufficient to detect 
a displacement during a short period when satellite 
navigation radio waves do not reach a terminal; i.e., a 
displacement within a narrow moving range. Thus, location 
detection by means of the motion sensor 611 does not require 
high accuracy. 
[0147] 

Meanwhile, in the case of a method in which a location 
detected by the motion sensor 611 is used as main location 
information and location information obtained by means of the 
GPS is used for correction of an absolute location detected 
by the motion sensor 611, the GPS receiver does not have to 
be kept in action. Therefore, the method is effective in 
reducing power consumed by a mobile terminal. 
[0148] 
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When these methods are actually used for detecting the 
location of a terminal carried around outdoors, for example, 
errors in location detection by the motion sensor 611 are 
liable to occur, since the terminal does not remain in the 
same position when carried around. However, this is not 
problematic, since satellite navigation radio waves can be 
used when the terminal is carried around. In contrast, when 
the terminal is used indoors, detection of the location of 
the terminal relies on the motion sensor 611, since satellite 
navigation radio waves cannot be used indoors. In this case, 
since the terminal is used in a fixed position, errors in 
location detection by the motion sensor 611 are not 
accumulated, and therefore a very reasonable operation can be 
expected. 
[0149] 

Fig. 10 is a diagram showing the configuration of a 
security reinforcing system according to a seventh embodiment 
of the present invention. In the following description of 
the security reinforcing system according to the present 
embodiment, elements which are identical with those of the 
security reinforcing system shown in Fig. 1 are denoted by 
the same reference numerals, and their repeated descriptions 
are omitted. 
[0150] 

The seventh embodiment is a security reinforcing method 
in which the terminal of one to be authenticated is a car- 
mounted terminal and terminal location information is 
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obtained from a car navigation system. 
[0151] 

In Fig. 10, a terminal A 700 to be authenticated is a 
car-mounted terminal and is used mainly in a car, except for 
the time when the setting is made in the special location as 
described in the first embodiment. 
[0152] 

A terminal location detecting means 120 of the terminal 
A 700 to be authenticated is connected to a car navigation 
system terminal 720 having a data output port 710. 
[0153] 

The car navigation system terminal 720 is a general- 
purpose car navigation device and is capable of displaying a 
road map corresponding to the traveling path and the location 
of an automobile having the terminal mounted thereon. 
Illustrative examples of car navigation systems include one 
having the above motion sensor and/or GPS receiver, one which 
calculates a traveling distance from the rotations of wheels, 
and one disclosed in Japanese Patent Application Laid-Open No 
297821/1992. 
[0154] 

The car navigation system terminal 720 has the data 
output port 710 that outputs information about the location 
of the automobile that associates the location of the 
automobile to corresponding coordinates on a road map. The 
data output port 710 is connected to the terminal location 
detecting means 120 of the terminal A 700 to be authenticated 
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[0155] 

In the above configuration, the terminal location 
detecting means 120 of the terminal A 700 to be authenticated 
receives information about the location of the automobile 
from the car navigation system terminal 720* However, since 
the information is data obtained from the general-purpose 
navigation device, the terminal location detecting means 120 
associates map information in the navigation device with the 
coordinate system for showing location information in the 
device to be authenticated or in a device which performs 
authentication, so as to determine the location of the 
automobile on the coordinate system. That is, rather than 
detecting the location of the automobile by itself, the 
terminal location detecting means 120 converts the location 
information of the automobile which is obtained from the 
navigation device into terminal location coordinates. 
[0156] 

The thus obtained terminal location coordinates can be 
attached to digital information exchanged at the time of 
authentication to thereby improve the reliability of user 
authentication as in the first embodiment. 
[0157] 

Further, even when the location information of the 
automobile can be input by means of devices other than the 
device to be authenticated, the probability that a third 
person succeeds in inputting the location information of the 
automobile for an unauthorized purpose is very low, since a 
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transaction permitted area registered in the device which 
performs authentication by an authorized user is not known to 
the third person. 
[0158] 

As described above, in the security reinforcing system 
according to the seventh embodiment, the location of a 
terminal is obtained by conversion of information about the 
location of an automobile having the terminal mounted thereon 
which is obtained from the general-purpose car navigation 
system terminal 720. Therefore, sophisticated location 
detecting means does not need to be incorporated into the 
terminal for conducting a transaction, thereby reducing costs 
per terminal. The information about the location of the 
automobile which is obtained from the car navigation system 
terminal 720 can be displayed on a map so as to check the 
location of the automobile on the map, thereby obviating 
concern about a malfunction caused by errors in location 
detection . 
[0159] 

Thus, as described in detail in the above embodiments, 
when the present security reinforcing system having excellent 
characteristics is used as an authentication method in a 
mobile terminal, the terminal to be authenticated can detect 
its location and use information about its current location. 
Attachment of the terminal location information to digital 
data exchanged in an authentication process upon transaction 
can prevent an unauthorized transaction attempted in areas 
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other than a secretly registered transaction permitted area 
and reinforce a security function in combination with an 
authentication function using cryptography or the like. 
[0160] 

Further, use of a non-secure communication channel may 
results in a case in which secret information used in 
authentication or a terminal or card device containing the 
secret information is stolen by a third person. Even in such 
a case, since a security function using location information 
functions effectively, the system can be used for reinforcing 
the function of authenticating a user in electronic commerce 
using an open network such as the Internet. 
[0161] 

Particularly, since a portable terminal incorporating 
the system has a reinforced security function of preventing 
an unauthorized transaction when the device itself falls into 
the hands of a third person, the portable terminal can be 
used as a portable transaction terminal. 
[0162] 

The method for reinforcing the accuracy of user 
authentication by use of terminal location information is 
considered more versatile than other commonly used methods 
using physical characteristics and is also considered 
preferable, since it does not make a user feel rejected. 
[0163] 

Further, although the example in which secret 
information to be used for authentication is incorporated 
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into a terminal to be authenticated has been described in the 
above embodiments, the secret information to be used for 
authentication or location detecting means may be 
incorporated into a card device which can be attached to and 
detached from a terminal. This configuration can also give 
the same security reinforcing effect . 
[0164] 

Further, in the example, the present invention is 
applied to a security reinforcing system used via a network. 
However, the present invention can be applied to all 
authentication methods comprising authenticating the user of 
a terminal by use of digital information exchanged via a 
communication channel. 
[0165] 

In addition, the present invention is not limited by the 
name "security reinforcing system." Needless to say, its 
designation can be altered to authentication method or the 
like as appropriate within the technical principle of the 
present invention, and the present invention may be 
incorporated into a portion of a communication system. 
[0166] 

[Effects of the Invention] 

The security reinforcing system according to the present 
invention is a security reinforcing system using an 
authentication method for authenticating the user of a 
terminal by means of digital information which is exchanged 
via a communication line, wherein the device of one to be 
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authenticated comprises terminal location detecting means for 
detecting the location of the terminal and permitted area 
setting means for setting a transaction permitted area; the 
device of one who performs authentication comprises 
registered area storing means for storing the registered 
areas of users which have been set by the permitted area 
setting means and area determining means for determining 
whether the location of a terminal which has been detected by 
the terminal location detecting means falls within the 
registered area; and authentication of a user is complemented 
by the terminal location information. Therefore, the 
possibility of impersonation performed by an unauthorized 
user can be eliminated, and a security function can be 
significantly reinforced even when a non-secure communication 
channel is used. 

[Brief Description of the Drawings] 

[Fig. 1] A block diagram showing the configuration of a 
security reinforcing system according to a first embodiment 
of the present invention . 

[Fig. 2] A flowchart for illustrating the operation of the 
security reinforcing system of the first embodiment. 
[Fig. 3] A block diagram showing the configuration of a 
security reinforcing system according to a second embodiment 
of the present invention. 

[Fig. 4] A block diagram showing the configuration of the 
terminal location detecting means of the security reinforcing 
system of the second embodiment. 
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[Fig. 5] A diagram for illustrating location detection by a 
security reinforcing system according to a third embodiment 
of the present invention. 

[Fig. 6] A diagram for illustrating mid-call channel 
switching control of an automobile telephone performed by the 
security reinforcing system of the third embodiment. 
[Fig. 7] A diagram for illustrating a security reinforcing 
system according to a fourth embodiment of the present 
invention . 

[Fig. 8] A block diagram showing the configuration of a 
security reinforcing system according to a fifth embodiment 
of the present invention. 

[Fig. 9] A block diagram showing the configuration of a 
security reinforcing system according to a sixth embodiment 
of the present invention. 

[Fig. 10] A block diagram showing the configuration of a 
security reinforcing system according to a seventh embodiment 
of the present invention. 

[Fig. 11] A diagram showing an algorithm of an RSA encryption 
system. 

[Description of Reference Numerals] 
10 one to be authenticated a 

100, 500, 600, 700 terminal to be authenticated A (device of 

one to be authenticated) 

110, 210 authentication means 

120, 510, 610 terminal location detecting means 
130 transaction permitted area setting means 
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200 server B (device of one to perform authentication) 
220 security function supporting means (registered area 
storing means) 

230 user transaction permitted area determining means (area 
determining means) 

300 secure communication channel 
310 non-secure communication channel 
400 portable communication terminal body 
410, 611 six-axis motion sensor 

511 GPS receiver 

512 reception determining means 

513 interpolation means 
710 data output port 

720 car navigation system terminal 
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FIG. 1 

10 ONE TO BE AUTHENTICATED a 

110 AUTHENTICATION MEANS 

A PRIVATE KEY 

B PUBLIC KEY 

C ENCRYPTION 

D DECRYPTION 

E THREE-DIMENSIONAL TERMINAL LOCATION COORDINATES 

120 TERMINAL LOCATION DETECTING MEANS 

130 TRANSACTION PERMITTED AREA SETTING MEANS 

310 NON-SECURE COMMUNICATION CHANNEL 

300 SECURE COMMUNICATION CHANNEL 

210 AUTHENTICATION MEANS 

230 USER TRANSACTION PERMITTED AREA DETERMINING MEANS 
220 SECURITY FUNCTION SUPPORTING MEANS 

FIG. 2 
A START 

STEP 1 MAKE INITIAL SETTING OF TERMINAL LOCATION DETECTING 
MEANS 

STEP 2 SET TRANSACTION PERMITTED AREA 

STEP 3 START COMMUNICATION WITH SERVER B 

STEP 4 ENCRYPT USER ID OF a WITH PUBLIC KEY OF B AND 

TRANSMITS THE ID 

STEP 5 THE SERVER INQUIRES OF MENUS SUCH AS TYPE OF 
TRANSACTION AND PASSWORD 

STEP 6 ENCRYPT THE PASSWORD OF a, TRANSACTION DATA, AND 
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TERMINAL LOCATION INFORMATION WITH PRIVATE KEY AND TRANSMIT 
THEM 

STEP 7 THE SERVER AUTHENTICATES a BY THE PASSWORD AND 
VERIFIES RELIABILITY OF THE AUTHENTICATION BY THE TERMINAL 
LOCATION INFORMATION 
B AUTHENTICATED ? 

STEP 8 ACCEPT AND PROCESS TRANSACTION 
STEP 9 PERFORM UNAUTHORIZED USE PROCESS 
C RETRY TRANSACTION ? 
D END 

E SPECIAL LOCATION WITH SECURE COMMUNICATION CHANNEL 
F AREAS OTHER THAN SPECIAL LOCATION, WITH NON- SECURE 
COMMUNICATION CHANNEL 
G AUTHENTICATION PROCESS 

FIG. 3 

410 SIX-AXIS MOTION SENSOR 

400 PORTABLE COMMUNICATION TERMINAL BODY 
120 TERMINAL LOCATION DETECTING MEANS 

FIG. 4 

BLOCK DIAGRAM OF THE TERMINAL LOCATION DETECTING MEANS OF THE 
SECOND EMBODIMENT 

120 TERMINAL LOCATION DETECTING MEANS 

121 DISPLACEMENT DATA INPUTTING MEANS 

12 2 3 -AXIS ROTATION INFORMATION INPUTTING MEANS 
123 DISPLACEMENT VECTOR CALCULATING MEANS 



59 



124 INITIAL VALUE/CORRECTION VALUE INPUTTING MEANS 

125 MEMORY MEANS 

126 CURRENT LOCATION COORDINATES CALCULATING MEANS 

127 TERMINAL CURRENT LOCATION THREE-DIMENSIONAL COORDINATES 
OUTPUTTING MEANS 

FIG. 5 

DIAGRAM FOR ILLUSTRATING LOCATION DETECTION IN THE THIRD 

EMBODIMENT 

A RADIO ZONE 

B CONTROL ZONE A 

C CONTROL ZONE B 

D RADIO BASE STATION 

E RADIO LINE CONTROL STATION 

F AUTOMOBILE TELEPHONE EXCHANGE 

G HOME MEMORY STATION 

FIG. 6 

DIAGRAM FOR ILLUSTRATING MID-CALL CHANNEL SWITCHING CONTROL 

OF AUTOMOBILE TELEPHONE 

A RADIO ZONE A 

B RADIO ZONE B 

C RADIO ZONE C 

D MOBILE UNIT 

E RADIO BASE STATION 

F RADIO LINE CONTROL STATION 

G AUTOMOBILE TELEPHONE EXCHANGE 
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H FIXED NETWORK 
FIG. 7 

81 RADIO ZONE 
FIG. 8 

10 ONE TO BE AUTHENTICATED 
110 AUTHENTICATION MEANS 
A PRIVATE KEY 
B PUBLIC KEY 
C ENCRYPTION 
D ENCRYPTION 

E TERMINAL LOCATION COORDINATES 

510 TERMINAL LOCATION DETECTING MEANS 

511 GPS RECEIVER 

512 RECEPTION DETERMINING MEANS 

513 INTERPOLATION MEANS 

130 TRANSACTION PERMITTED AREA SETTING MEANS 

310 NON-SECURE COMMUNICATION CHANNEL 

F SATELLITE NAVIGATION RADIO WAVES SIGNAL 

300 SECURE COMMUNICATION CHANNEL 

210 AUTHENTICATION MEANS 

230 USER TRANSACTION PERMITTED AREA DETERMINING MEANS 
220 SECURITY FUNCTION SUPPORTING MEANS 

FIG. 9 

10 ONE TO BE AUTHENTICATED 
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110 AUTHENTICATION MEANS 
A PRIVATE KEY 
B PUBLIC KEY 
C ENCRYPTION 
D DECRYPTION 

TERMINAL LOCATION COORDINATES 

610 TERMINAL LOCATION DETECTING MEANS 

511 GPS RECEIVER 

512 RECEPTION DETERMINING MEANS 

513 INTERPOLATION MEANS 

611 MOTION SENSOR 

130 TRANSACTION PERMITTED AREA SETTING MEANS 

310 NON- SECURE COMMUNICATION CHANNEL 

F SATELLITE NAVIGATION RADIO WAVES SIGNAL 

300 SECURE COMMUNICATION CHANNEL 

210 AUTHENTICATION MEANS 

230 USER TRANSACTION PERMITTED AREA DETERMINING MEANS 
220 SECURITY FUNCTION SUPPORTING MEANS 

FIG- 10 

10 ONE TO BE AUTHENTICATED a 

110 AUTHENTICATION MEANS 

A PRIVATE KEY 

B PUBLIC KEY 

C ENCRYPTION 

D DECRYPTION 

E TERMINAL LOCATION COORDINATES 
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120 TERMINAL LOCATION DETECTING MEANS 

720 CAR NAVIGATION SYSTEM TERMINAL 

710 DATA OUTPUT PORT 

130 TRANSACTION PERMITTED AREA SETTING MEANS 

310 NON-SECURE COMMUNICATION CHANNEL 

300 SECURE COMMUNICATION CHANNEL 

210 AUTHENTICATION MEANS 

230 USER TRANSACTION PERMITTED AREA DETERMINING MEANS 

220 SECURITY FUNCTION SUPPORTING MEANS 

FIG. 11 

A ENCRYPTION 

B DECRYPTION 

C WHERE 

D ALGORITHM OF RSA ENCRYPTION SYSTEM 

M: ORDINARY TEXT 

C: ENCRYPTED TEXT 

e. n: PUBLIC KEYS 

d: PRIVATE KEY 

p, q: LARGE PRIME NUMBERS (HIDDEN PRIVATE KEYS) 

n : p x q 

L: LEAST COMMON MULTIPLE OF p-1 AND q-1 

e: NUMBER DISJOINT TO L 

d: NUMBER SATISFYING (e x d) mod L = 1 
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